7 Commits

Author SHA1 Message Date
Grzegorz Grasza
6930bc24b2 Memcached client TLS support
This patch specifies a set of configuration options required to build
a TLS context, which is used to wrap the client connection socket.

Closes-Bug: #1906846
Change-Id: I03a92168b90508956f367fbb60b7712f95b97f60
2021-01-06 09:47:38 -08:00
Tim Burke
aff65242ff memcache: Make error-limiting values configurable
Previously these were all hardcoded; let operators tweak them as needed.
Significantly, this also allows operators to disable error-limiting
entirely, which may be a useful protection in case proxies are
configured with a single memcached server.

Use error_suppression_limit and error_suppression_interval to mirror the
option names used by the proxy-server to ratelimit backend Swift
servers.

Co-Authored-By: Alistair Coles <alistairncoles@gmail.com>
Change-Id: Ife005cb8545dd966d7b0e34e5496a0354c003881
2020-11-05 23:37:24 +00:00
Clay Gerrard
3347646023 fixups for ipv6 memcache_servers docs
Change-Id: I20d91c1e276014eaf210fa9eb43788bc17f4e8df
2016-01-12 21:08:58 -08:00
Clay Gerrard
2012339982 Make more memcache options configurable
More memcache options can be set in the memcache.conf or proxy-server.conf

 * connect_timeout
 * pool_timeout
 * tries
 * io_timeout

Options set in proxy-server.conf are considered more specific to the memcache
middleware.

DocImpact

Change-Id: I194d0f4d88c6cb8c797a37dcab48f2d8473e7a4e
2015-01-14 11:16:32 -05:00
Peter Portante
6e313e957d Fix for memcache middleware configuration
The documentation rightly said to use "memcache_max_connections", but
the code was looking for "max_connections", and only looking for it in
proxy-server.conf, not in memcache.conf as a fall back.

This commit brings the code coverage for the memcache middleware to
100%.

Closes-Bug: 1252893
Change-Id: I6ea64baa2f961a09d60b977b40d5baf842449ece
Signed-off-by: Peter Portante <peter.portante@redhat.com>
2013-11-26 18:03:33 +00:00
Vincent Untz
e1ff51c045 Do not use pickle for serialization in memcache, but JSON
We don't want to use pickle as it can execute arbitrary code. JSON is
safer. However, note that it supports serialization for only some
specific subset of object types; this should be enough for what we need,
though.

To avoid issues on upgrades (unability to read pickled values, and cache
poisoning for old servers not understanding JSON), we add a
memcache_serialization_support configuration option, with the following
values:

 0 = older, insecure pickle serialization
 1 = json serialization but pickles can still be read (still insecure)
 2 = json serialization only (secure and the default)

To avoid an instant full cache flush, existing installations should
upgrade with 0, then set to 1 and reload, then after some time (24
hours) set to 2 and reload. Support for 0 and 1 will be removed in
future versions.

Part of bug 1006414.

Change-Id: Id7d6d547b103b4f23ebf5be98b88f09ec6027ce4
2012-08-03 16:22:21 +02:00
gholt
338be6a681 Added memcache.conf option
Change-Id: Idfcb97421a5c1476b776acef94c7b997dab55aa9
2012-01-10 02:01:47 +00:00